Hello,
I have some log files that have rows like this:
station1 on 15387 15646 130 Y
Values are separated by tabs.
With Logstash I would like to transform first_seen and last_seen into timestamps, because they are the number of days after 1/1/1970.
So basically I should just multiply by 86400 to get seconds and then use the Logstash date function.
The code below is not doing what I am expecting:

    if [type] == "test_log" {
      csv {
        separator => " "
        columns => [ "client", "status", "first_seen", "last_seen", "times_seen", "valid" ]
      }
      if [first_seen] != "-" {
        # days since 1/1/1970 -> seconds since 1/1/1970
        ruby {
          code => "event['first_seen'] = event['first_seen'].to_f * 86400"
        }
        date {
          match => [ "first_seen", "UNIX" ]
        }
      }
      if [ast_seen] != "-" {
        # same conversion for last_seen
        ruby {
          code => "event['last_seen'] = event['last_seen'].to_f * 86400"
        }
        date {
          match => [ "last_seen", "UNIX" ]
        }
      }
    }

It seems that outside of the Ruby code the variable is not set, and in logstash.log I have errors like "the - is not valid unix time" repeated millions of times.
Can you please give me a hint?
Thanks in advance
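
An added example, not part of the original post: the days-to-timestamp conversion described above, written as plain Ruby outside Logstash so it can be checked on its own. It assumes the six tab-separated columns named in the post and "-" as the placeholder for a missing day count; the function names and sample lines are constructed for illustration.

```ruby
require 'time'

SECONDS_PER_DAY = 86_400
COLUMNS = %w[client status first_seen last_seen times_seen valid].freeze
DAY_FIELDS = %w[first_seen last_seen].freeze

# Convert a "days since 1970-01-01" string to a UTC Time.
# Returns nil for the "-" placeholder or anything that is not a plain
# non-negative integer, so a bad value never reaches the conversion.
def days_to_time(value)
  return nil unless value.is_a?(String) && value.match?(/\A\d+\z/)
  Time.at(value.to_i * SECONDS_PER_DAY).utc
end

# Split one tab-separated row into a hash and replace the two day counts
# with ISO 8601 timestamps (nil when the value is missing or invalid).
# Returns nil when the row does not have exactly six columns.
def parse_row(line)
  values = line.chomp.split("\t", -1)
  return nil unless values.length == COLUMNS.length
  row = COLUMNS.zip(values).to_h
  DAY_FIELDS.each do |field|
    t = days_to_time(row[field])
    row[field] = t && t.iso8601
  end
  row
end

# Constructed sample input: one complete row, one row with a "-"
# placeholder, and one row that is not tab-separated at all.
SAMPLE = [
  "station1\ton\t15387\t15646\t130\tY",
  "station2\toff\t-\t15646\t4\tN",
  "broken row without tabs"
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE.each { |line| p parse_row(line) }
end
```
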